Add initial configuration file skeletons

1 files changed, 40 insertions, 0 deletions

diff --git a/confskel/heimdal/krb5.conf b/confskel/heimdal/krb5.conf
new file mode 100644
index 0000000..adf55df
--- /dev/null
+++ b/confskel/heimdal/krb5.conf
@@ -0,0 +1,40 @@
+[libdefaults]
+    ticket_lifetime = 86400
+    default_realm = @@@REALM_UCNAME@@@
+    default_etypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
+    default_etypes_des = des3-hmac-sha1 des-cbc-crc des-cbc-md5
+
+[appdefaults]
+    pkinit_anchors = FILE:/etc/trinity/ldap/tde-ca/anchors/tdeca.pem
+
+[realms]
+    @@@REALM_UCNAME@@@ = {
+        kdc = @@@KDCSERVER@@@:@@@KDCPORT@@@
+        admin_server = @@@ADMINSERVER@@@:@@@ADMINPORT@@@
+        pkinit_require_eku = @@@PKINIT_REQUIRE_EKU@@@
+        pkinit_require_krbtgt_otherName = @@@PKINIT_REQUIRE_KRBTGT_OTHERNAME@@@
+        win2k_pkinit = @@@WIN2K_PKINIT@@@
+        win2k_pkinit_require_binding = @@@WIN2K_PKINIT_REQUIRE_BINDING@@@
+   }
+
+[domain_realm]
+    @@@REALM_LCNAME@@@ = @@@REALM_UCNAME@@@
+    .@@@REALM_LCNAME@@@ = @@@REALM_UCNAME@@@
+
+[kdc]
+    enable-pkinit = yes
+    pkinit_identity = FILE:/etc/trinity/ldap/tde-ca/public/@@@KDCSERVER@@@.pki.crt,/etc/trinity/ldap/tde-ca/private/@@@KDCSERVER@@@.pki.key
+    pkinit_anchors = FILE:/etc/trinity/ldap/tde-ca/anchors/tdeca.pem
+    pkinit_allow-proxy-certificate = false
+
+    database = {
+        dbname = ldap:@@@REALM_DCNAME@@@
+        acl_file = /etc/kadmind.acl
+    }
+
+[logging]
+    kdc = FILE:/var/log/krb5kdc.log
+    admin_server = FILE:/var/log/kadmin.log
+    default = FILE:/var/log/krb5lib.log
+
+